Re: [DNG] some ASCII issues

2017-06-28 Thread Harald Arnesen 
Rick Moen [2017-06-28 20:33]:

> Temporary files in /tmp are sometimes a little sensitive and sometimes
> greatly so.  (It's usually a tmpfs on my systems.)  Operational paranoia
> suggests keeping it at least cleaned up frequently, if you're going to
> bother to have /home as a dmcrypt filesystem.  That's where tmpfs is
> actually helpful in the sense that erasure means a file from there is
> truly gone.

/home/.tmp
-- 
Hilsen Harald
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] some ASCII issues

2017-06-28 Thread Harald Arnesen 
Didier Kryn [2017-06-28 19:38]:

>  I don't see any reason to encrypt /usr. You might like to encrypt 
> /etc because it contains user names and (already encrypted) passwords. 
> But definitely there is no reason to encrypt everything.

But if you encrypt anything at all, isn't it easier to encrypt everything?
-- 
Hilsen Harald
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] WARNING! DO NOT APT-GET UPDATE/UPGRADE ON ASCII

2017-06-28 Thread zap 


On 06/28/2017 06:23 PM, KatolaZ wrote:
> On Wed, Jun 28, 2017 at 05:38:16PM -0400, zap wrote:
>
> [cut]
>
>> Oh the irony... 
>>
>> To those on this list who are Christians or some other religious group...
>>
>> ;)  anyways though thank you for helping me apply the fix on my system,
>> I don't know what would have happened one way or another, but thank you.
>> I downgraded successfully! Any chance that the next upgrades down the
>> road won't be broken? Also, did you remove the bad upgrades for good?
>> just curious.
> You should thank Devuan, not me :) The ascii repo was correctly
> re-merged into Debian Stretch, and the "bad" upgrades in your system
> (should) have been replaced with packages from Devuan Ascii. The next
> upgrades on Ascii should work well, or even better, since there are a
> few more packages which are being rebuilt to fix dependency problems
> and to align their versions.
>
> Actually, Ascii seems to be in a not-so-bad shape.
Ironically, other than openrc, the weird thing is, that devuan ascii
seems more stable than devuan jessie... weird... in my experience
anyways...

yes indeed thank you devuan.
>
> HND
>
> KatolaZ
>
>
>
> ___
> Dng mailing list
> Dng@lists.dyne.org
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] WARNING! DO NOT APT-GET UPDATE/UPGRADE ON ASCII

2017-06-28 Thread Arnt Karlsen 
On Wed, 28 Jun 2017 15:59:05 -0400, Hendrik wrote in message 
<20170628195905.ga...@topoi.pooq.com>:

> On Wed, Jun 28, 2017 at 07:58:13PM +0200, Arnt Karlsen wrote:
> >
> > ..if apt-get upgrade fails you, aptitude upgrade might work and 
> > vice versa, they solve package conflicts differently.  
> > Safely?  See above. ;o)
> 
> That's not the problem.  aptitude and apt-get use the same 
> repositories.
> 
> The problem is that at the moment, ascii contains the wrong
> packages. Packages you amost certainly don't want to install.
> 
> As far as I can tell at the moment, they might even require systemd.

..correct, that messy clean-up we're facing is why I mention the fact
that apt-get and aptitude solve package conflicts differently, that
difference may come handy when you get stuck solving dependency
conflicts using one of the 2, trying the other tool often (but not
always) fixed my problems.

-- 
..med vennlig hilsen = with Kind Regards from Arnt Karlsen
...with a number of polar bear hunters in his ancestry...
  Scenarios always come in sets of three: 
  best case, worst case, and just in case.
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] WARNING! DO NOT APT-GET UPDATE/UPGRADE ON ASCII

2017-06-28 Thread Svante Signell 
On Wed, 2017-06-28 at 17:38 -0400, zap wrote:
> 
> ;)  anyways though thank you for helping me apply the fix on my
> system, I don't know what would have happened one way or another, but
> thank you. I downgraded successfully! 

And thank you for reporting this issue so it could be resolved so
quickly :)
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] WARNING! DO NOT APT-GET UPDATE/UPGRADE ON ASCII

2017-06-28 Thread KatolaZ 
On Wed, Jun 28, 2017 at 05:38:16PM -0400, zap wrote:

[cut]

> 
> Oh the irony... 
> 
> To those on this list who are Christians or some other religious group...
> 
> ;)  anyways though thank you for helping me apply the fix on my system,
> I don't know what would have happened one way or another, but thank you.
> I downgraded successfully! Any chance that the next upgrades down the
> road won't be broken? Also, did you remove the bad upgrades for good?
> just curious.

You should thank Devuan, not me :) The ascii repo was correctly
re-merged into Debian Stretch, and the "bad" upgrades in your system
(should) have been replaced with packages from Devuan Ascii. The next
upgrades on Ascii should work well, or even better, since there are a
few more packages which are being rebuilt to fix dependency problems
and to align their versions.

Actually, Ascii seems to be in a not-so-bad shape.

HND

KatolaZ

-- 
[ ~.,_  Enzo Nicosia aka KatolaZ - GLUGCT -- Freaknet Medialab  ]  
[ "+.  katolaz [at] freaknet.org --- katolaz [at] yahoo.it  ]
[   @)   http://kalos.mine.nu ---  Devuan GNU + Linux User  ]
[ @@)  http://maths.qmul.ac.uk/~vnicosia --  GPG: 0B5F062F  ] 
[ (@@@)  Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ  ]


signature.asc
Description: Digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] WARNING! DO NOT APT-GET UPDATE/UPGRADE ON ASCII

2017-06-28 Thread KatolaZ 
On Wed, Jun 28, 2017 at 11:53:52PM +0200, Antony Stone wrote:
> On Wednesday 28 June 2017 at 23:38:16, zap wrote:
> 
> > Regardless, I thank you for forking debian to remove systemd. I know
> > little of it, I only know it is less secure and slower to boot/more
> > resource intensive/slower download speed. but thanks I plan to donate to
> > your cause perhaps even today.
> 
> I like to think of systemd in the same way as 
> https://en.wikipedia.org/wiki/One_ring_to_rule_them_all
> 
> It started out as a small thing - seemingly innocuous - and yet its power 
> grows to surround, absorb and encompass all that it encounters, submitting 
> everything to its will, until there is nothing left but itself and its greed.

Just to point out that even people who are technically not bothered by
systemd have started asking the more fundamental question about
"diversity" and "alternatives":

  http://latenightlinux.com/late-night-linux-episode-12/

I know some of you have probably seen (well, listened to) this
already. That's a recent episode of a very popular podcast (born from
the dissolved Linux Luddites) which talked about Devuan a few weeks
ago. I found it very instructive. It actually allows us to hope
believing that Phoronix & Co. are not the only voices out there, but
maybe just the loudest ones.

My2Cents

KatolaZ

-- 
[ ~.,_  Enzo Nicosia aka KatolaZ - GLUGCT -- Freaknet Medialab  ]  
[ "+.  katolaz [at] freaknet.org --- katolaz [at] yahoo.it  ]
[   @)   http://kalos.mine.nu ---  Devuan GNU + Linux User  ]
[ @@)  http://maths.qmul.ac.uk/~vnicosia --  GPG: 0B5F062F  ] 
[ (@@@)  Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ  ]


signature.asc
Description: Digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] WARNING! DO NOT APT-GET UPDATE/UPGRADE ON ASCII

2017-06-28 Thread Antony Stone 
On Wednesday 28 June 2017 at 23:38:16, zap wrote:

> Regardless, I thank you for forking debian to remove systemd. I know
> little of it, I only know it is less secure and slower to boot/more
> resource intensive/slower download speed. but thanks I plan to donate to
> your cause perhaps even today.

I like to think of systemd in the same way as 
https://en.wikipedia.org/wiki/One_ring_to_rule_them_all

It started out as a small thing - seemingly innocuous - and yet its power 
grows to surround, absorb and encompass all that it encounters, submitting 
everything to its will, until there is nothing left but itself and its greed.

systemd (dare I say it?) had some admirable goals and purposes, but the ways 
in which its developers went about it (and still do), and the way in which it 
grows to replace everything in its wake, is firstly just not The Unix Way, and 
secondly goes against the concept of "my computer; my choice".  The systemd 
people decide things based on "their computer; their choice", without 
consideration for people who are different from them.


(well, that's my opinion (or at least one of them) anyway).


Antony.

-- 
This sentence contains exacly three erors.

   Please reply to the list;
 please *don't* CC me.
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] WARNING! DO NOT APT-GET UPDATE/UPGRADE ON ASCII

2017-06-28 Thread zap 


On 06/28/2017 04:49 PM, KatolaZ wrote:
> On Wed, Jun 28, 2017 at 01:45:55PM -0700, Bruce Perens wrote:
>> On Wed, Jun 28, 2017 at 1:40 PM, KatolaZ  wrote:
>>> On Wed, Jun 28, 2017 at 03:59:05PM -0400, Hendrik Boom wrote:
 As far as I can tell at the moment, they might even require systemd.
>> For those of you requiring ritual purification, I recommend this St.
>> Ignutious video. 
> Thanks Bruce! Was going to send the very same link :D
>
> HND
>
> KatolaZ

Oh the irony... 

To those on this list who are Christians or some other religious group...

;)  anyways though thank you for helping me apply the fix on my system,
I don't know what would have happened one way or another, but thank you.
I downgraded successfully! Any chance that the next upgrades down the
road won't be broken? Also, did you remove the bad upgrades for good?
just curious.

Regardless, I thank you for forking debian to remove systemd. I know
little of it, I only know it is less secure and slower to boot/more
resource intensive/slower download speed. but thanks I plan to donate to
your cause perhaps even today.

>
>
> ___
> Dng mailing list
> Dng@lists.dyne.org
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] WARNING! DO NOT APT-GET UPDATE/UPGRADE ON ASCII

2017-06-28 Thread KatolaZ 
On Wed, Jun 28, 2017 at 01:45:55PM -0700, Bruce Perens wrote:
> On Wed, Jun 28, 2017 at 1:40 PM, KatolaZ  wrote:
> > On Wed, Jun 28, 2017 at 03:59:05PM -0400, Hendrik Boom wrote:
> 
> >> As far as I can tell at the moment, they might even require systemd.
> 
> For those of you requiring ritual purification, I recommend this St.
> Ignutious video. 

Thanks Bruce! Was going to send the very same link :D

HND

KatolaZ

-- 
[ ~.,_  Enzo Nicosia aka KatolaZ - GLUGCT -- Freaknet Medialab  ]  
[ "+.  katolaz [at] freaknet.org --- katolaz [at] yahoo.it  ]
[   @)   http://kalos.mine.nu ---  Devuan GNU + Linux User  ]
[ @@)  http://maths.qmul.ac.uk/~vnicosia --  GPG: 0B5F062F  ] 
[ (@@@)  Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ  ]


signature.asc
Description: Digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] WARNING! DO NOT APT-GET UPDATE/UPGRADE ON ASCII

2017-06-28 Thread Bruce Perens 
On Wed, Jun 28, 2017 at 1:40 PM, KatolaZ  wrote:
> On Wed, Jun 28, 2017 at 03:59:05PM -0400, Hendrik Boom wrote:

>> As far as I can tell at the moment, they might even require systemd.

For those of you requiring ritual purification, I recommend this St.
Ignutious video. 
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] AMPROLLA GLITCH: ISSUE SOLVED -- PLEASE READ CAREFULLY

2017-06-28 Thread KatolaZ 
On Wed, Jun 28, 2017 at 04:32:26PM -0400, zap wrote:

[cut]

> > In other words:
> >
> > 1) create the file /etc/apt/preferences/ascii-pin containing the
> > following three lines:
> How do you make a file there especially if preferences is either missing
> or named differently?
> 
> 
> aka, /etc/apt/preferences
> 
> the below is therefore difficult unless someone tells me how to fix it...
>

Sorry, that's my fault. It should be /etc/apt/preferences.d/ascii-pin

Best

KatolaZ

-- 
[ ~.,_  Enzo Nicosia aka KatolaZ - GLUGCT -- Freaknet Medialab  ]  
[ "+.  katolaz [at] freaknet.org --- katolaz [at] yahoo.it  ]
[   @)   http://kalos.mine.nu ---  Devuan GNU + Linux User  ]
[ @@)  http://maths.qmul.ac.uk/~vnicosia --  GPG: 0B5F062F  ] 
[ (@@@)  Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ  ]


signature.asc
Description: Digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] WARNING! DO NOT APT-GET UPDATE/UPGRADE ON ASCII

2017-06-28 Thread KatolaZ 
On Wed, Jun 28, 2017 at 03:59:05PM -0400, Hendrik Boom wrote:
> On Wed, Jun 28, 2017 at 07:58:13PM +0200, Arnt Karlsen wrote:
> >
> > ..if apt-get upgrade fails you, aptitude upgrade might work and 
> > vice versa, they solve package conflicts differently.  
> > Safely?  See above. ;o)
> 
> That's not the problem.  aptitude and apt-get use the same 
> repositories.
> 
> The problem is that at the moment, ascii contains the wrong packages.  
> Packages you amost certainly don't want to install.
> 
> As far as I can tell at the moment, they might even require systemd.
> 

Hi hendrik,

please notice that the problem has been solved, as reported in an
earlier email.

HND

KatolaZ

-- 
[ ~.,_  Enzo Nicosia aka KatolaZ - GLUGCT -- Freaknet Medialab  ]  
[ "+.  katolaz [at] freaknet.org --- katolaz [at] yahoo.it  ]
[   @)   http://kalos.mine.nu ---  Devuan GNU + Linux User  ]
[ @@)  http://maths.qmul.ac.uk/~vnicosia --  GPG: 0B5F062F  ] 
[ (@@@)  Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ  ]


signature.asc
Description: Digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] AMPROLLA GLITCH: ISSUE SOLVED -- PLEASE READ CAREFULLY

2017-06-28 Thread zap 


On 06/28/2017 12:04 PM, KatolaZ wrote:
> Hi All,
>
> as you know, there was a glitch in amprolla this morning, and by
> mistake ascii got merged on Debian Buster, the new Debian testing
> branch. This means that the users who apt-get updated/upgraded (or
> used aptitute update/upgrade) in the last 24 hours might have gotten
> some packages from what is effectively Devuan unstable.
>
> Please notice that only users using Devuan Ascii could be affected by
> the glitch, and only those who upgraded their system in the last 24
> hours. Devuan Jessie and Devuan Ceres are fine.
>
> The issue has now been resolved, mostly thanks to the prompt action of
> Centurion Dan and Nextime, and to the new version of amprolla coded by
> parazyd and Wizzup, which is able to produce a new merged tree in much
> less time than the current production system.
>
> We apologise for any inconvenience caused, but as said by jaromil,
> this is the first time that we witness a Debian switch from testing to
> stable on our merged repos. We have learned a lot from this incident,
> and we thank you all for your patience.
>
> For those whose Ascii system was erroneously upgraded with packages
> from the new Debian testing, please keep reading since it is possible
> to downgrade your system to use actual ascii packages. The trick
> consists into introducing a temporary pin of ascii to 1001, then
> apt-get update && apt-get dist-upgrade, and then remove the pin.
>
> In other words:
>
> 1) create the file /etc/apt/preferences/ascii-pin containing the
> following three lines:
How do you make a file there especially if preferences is either missing
or named differently?


aka, /etc/apt/preferences

the below is therefore difficult unless someone tells me how to fix it...

>
> Package: *
> Pin: release n=ascii
> Pin-Priority: 1001
>
> 2) # apt-get update
>
> 3) # apt-get dist-upgrade
> (this should remove all the newly upgraded packages)
>
> 4) remove /etc/apt/preferences/ascii-pin
>
> If you still experience issues, please get in touch via IRC on #devuan
> or #devuan-dev (freenet)
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] WARNING! DO NOT APT-GET UPDATE/UPGRADE ON ASCII

2017-06-28 Thread Ismael L. Donis Garcia 
I try to update a local ascii repository and it gives me the following 
error:


Mirroring to /mnt/datos/sistemas/linux/devuan/ascii/ascii from 
http://packages.devuan.org/merged//

Arches: i386,amd64
Dists: ascii
Sections: main/debian-installer,main,contrib,non-free
Pdiff mode: none
Will clean up after mirroring.
Attempting to get lock ...
Not able to use rsync to update remote trace files ...
Getting meta files ...

[Cut]

Cleanup mirror.
All done.
Errors:
Download of 
pool/DEBIAN/main/c/commons-pool/DEBIAN/libcommons-pool-java-doc_1.6-3_all.deb 
failed: 404 Not Found
Download of 
pool/DEBIAN/main/c/commons-pool/DEBIAN/libcommons-pool-java_1.6-3_all.deb 
failed: 404 Not Found
Download of 
pool/DEBIAN/main/g/golang-github-hailocab-go-hostpool/DEBIAN/golang-github-hailocab-go-hostpool-dev_0.0~git20160125.0.e80d13c-1_all.deb 
failed: 404 Not Found
Download of pool/DEBIAN/main/g/gtkpool/DEBIAN/gtkpool_0.5.0-9+b1_amd64.deb 
failed: 404 Not Found
Download of pool/DEBIAN/main/g/gtkpool/DEBIAN/gtkpool_0.5.0-9+b1_i386.deb 
failed: 404 Not Found
Download of 
pool/DEBIAN/main/h/haskell-resource-pool/DEBIAN/libghc-resource-pool-dev_0.2.3.2-6+b1_amd64.deb 
failed: 404 Not Found
Download of 
pool/DEBIAN/main/h/haskell-resource-pool/DEBIAN/libghc-resource-pool-dev_0.2.3.2-6+b1_i386.deb 
failed: 404 Not Found
Download of 
pool/DEBIAN/main/h/haskell-resource-pool/DEBIAN/libghc-resource-pool-doc_0.2.3.2-6_all.deb 
failed: 404 Not Found
Download of 
pool/DEBIAN/main/h/haskell-resource-pool/DEBIAN/libghc-resource-pool-prof_0.2.3.2-6+b1_amd64.deb 
failed: 404 Not Found
Download of 
pool/DEBIAN/main/h/haskell-resource-pool/DEBIAN/libghc-resource-pool-prof_0.2.3.2-6+b1_i386.deb 
failed: 404 Not Found
Download of 
pool/DEBIAN/main/n/node-generic-pool/DEBIAN/node-generic-pool_3.1.1-1_all.deb 
failed: 404 Not Found
Download of 
pool/DEBIAN/main/p/pd-pool/DEBIAN/pd-pool_0.2.2~git20161105.1.4b157f51-1_amd64.deb 
failed: 404 Not Found
Download of 
pool/DEBIAN/main/p/pd-pool/DEBIAN/pd-pool_0.2.2~git20161105.1.4b157f51-1_i386.deb 
failed: 404 Not Found
Download of 
pool/DEBIAN/main/p/python-ldappool/DEBIAN/python-ldappool_2.0.0-1_all.deb 
failed: 404 Not Found
Download of 
pool/DEBIAN/main/p/python-ldappool/DEBIAN/python3-ldappool_2.0.0-1_all.deb 
failed: 404 Not Found
Download of 
pool/DEBIAN/main/p/python-pika-pool/DEBIAN/python-pika-pool_0.1.3-2_all.deb 
failed: 404 Not Found
Download of 
pool/DEBIAN/main/p/python-pika-pool/DEBIAN/python3-pika-pool_0.1.3-2_all.deb 
failed: 404 Not Found
Download of 
pool/DEBIAN/main/p/python-socketpool/DEBIAN/python-socketpool_0.5.3-3_all.deb 
failed: 404 Not Found
Download of 
pool/DEBIAN/main/p/python-socketpool/DEBIAN/python3-socketpool_0.5.3-3_all.deb 
failed: 404 Not Found
Download of 
pool/DEBIAN/main/r/ruby-celluloid-pool/DEBIAN/ruby-celluloid-pool_0.20.5-1_all.deb 
failed: 404 Not Found
Download of 
pool/DEBIAN/main/r/ruby-connection-pool/DEBIAN/ruby-connection-pool_2.2.0-1_all.deb 
failed: 404 Not Found
Download of 
pool/DEBIAN/main/r/ruby-seamless-database-pool/DEBIAN/ruby-seamless-database-pool_1.0.17-1_all.deb 
failed: 404 Not Found

Failed to download files (22 errors)!
root@(none):/mnt/datos/sistemas/linux/devuan#

--
Ismael
Devuan User : http://distrowatch.com/table.php?distribution=devuan

- Original Message - 
From: "Hendrik Boom" 

To: 
Sent: Wednesday, June 28, 2017 3:59 PM
Subject: Re: [DNG] WARNING! DO NOT APT-GET UPDATE/UPGRADE ON ASCII



On Wed, Jun 28, 2017 at 07:58:13PM +0200, Arnt Karlsen wrote:


..if apt-get upgrade fails you, aptitude upgrade might work and
vice versa, they solve package conflicts differently.
Safely?  See above. ;o)


That's not the problem.  aptitude and apt-get use the same
repositories.

The problem is that at the moment, ascii contains the wrong packages.
Packages you amost certainly don't want to install.

As far as I can tell at the moment, they might even require systemd.

-- hendrik
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng




___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] WARNING! DO NOT APT-GET UPDATE/UPGRADE ON ASCII

2017-06-28 Thread Hendrik Boom 
On Wed, Jun 28, 2017 at 07:58:13PM +0200, Arnt Karlsen wrote:
>
> ..if apt-get upgrade fails you, aptitude upgrade might work and 
> vice versa, they solve package conflicts differently.  
> Safely?  See above. ;o)

That's not the problem.  aptitude and apt-get use the same 
repositories.

The problem is that at the moment, ascii contains the wrong packages.  
Packages you amost certainly don't want to install.

As far as I can tell at the moment, they might even require systemd.

-- hendrik
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] some ASCII issues

2017-06-28 Thread Didier Kryn 

Le 28/06/2017 à 20:33, Rick Moen a écrit :

Quoting Didier Kryn (k...@in2p3.fr):


 I don't see any reason to encrypt /usr. You might like to
encrypt /etc because it contains user names and (already encrypted)
passwords. But definitely there is no reason to encrypt everything.

/home would be where I keep anything that's sensitive.  I'm unclear on
why usernames in /etc are deemed sensitive, but I'm sure needs differ.

Temporary files in /tmp are sometimes a little sensitive and sometimes
greatly so.  (It's usually a tmpfs on my systems.)  Operational paranoia
suggests keeping it at least cleaned up frequently, if you're going to
bother to have /home as a dmcrypt filesystem.  That's where tmpfs is
actually helpful in the sense that erasure means a file from there is
truly gone.


Sure /home is the first place one thinks of encrypting and /tmp is 
the second, together with possible other fancy dirs. Encrypting passwd 
and the like would just add a little of security-through-obscurity by 
even hiding the usernames; this is why I considered /etc as a third 
(non-obvious) thing to encrypt; /etc also contains every local 
configuration, and it might make sense to hide it all.


To simplify, all of /home and /tmp aren't really part of the OS. 
The OS can boot without them. All the rest is the OS and is the same as 
any other install of the same OS; and there isn't any reason to encrypt 
something which is published and widespread.


Didier

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] WARNING! DO NOT APT-GET UPDATE/UPGRADE ON ASCII

2017-06-28 Thread Dave Turner 

On 28/06/17 17:06, KatolaZ wrote:

On Wed, Jun 28, 2017 at 10:50:07AM -0400, zap wrote:

[cut]


just wondered, Is aptitude upgrade safe?


No, it was not safe. If you have upgraded your Devuan Ascii (testing)
system in the last 24 hours, using whatever mean (apt-get, apt,
aptitude, synaptic, etc.) you might have erroneously got packages from
the new Debian testing (Buster). If this is the case, please read the
other email I just sent, since it contains an explanation of how you
can downgrade to ascii.

HND

KatolaZ



___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng


Tell me about devuan unstable ceres.

Nobody replied to my question about running ceres, happily I have not 
switched on my iMac running ascii in the last few days so the recent 
problems haven't affected me.


I have run debian unstable on assorted non-critical computers for years 
without any major problems apart from when GRUB changed to GRUB2, and it 
was 'fun' and I could fix the fuckups in a couple of minutes every time. 
But nowadays I use lilo...


Is devuan ceres as unsatble as debian pretend sid is?

And, since the latest updates on debian sid my laptop shows emails in 
huge fonts - which how this looks to me, or nice everyday 10 or 12 point 
fonts. Intrigues to know how I you see this.



DaveT


___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] some ASCII issues

2017-06-28 Thread Rick Moen 
Quoting Didier Kryn (k...@in2p3.fr):

> I don't see any reason to encrypt /usr. You might like to
> encrypt /etc because it contains user names and (already encrypted)
> passwords. But definitely there is no reason to encrypt everything.

/home would be where I keep anything that's sensitive.  I'm unclear on
why usernames in /etc are deemed sensitive, but I'm sure needs differ.

Temporary files in /tmp are sometimes a little sensitive and sometimes
greatly so.  (It's usually a tmpfs on my systems.)  Operational paranoia
suggests keeping it at least cleaned up frequently, if you're going to
bother to have /home as a dmcrypt filesystem.  That's where tmpfs is
actually helpful in the sense that erasure means a file from there is
truly gone.

Stephan's assertion that dmcrypt rootfs is impossible without an initrd
certainly _might_ be correct.  In casual reading, I found that one
obstacle is that the code for the 'cryptdevice' and 'cryptkey' keywords
in GRUB work only with initrd.  There are similar keywords for syslinux,
but I couldn't tell in a quick survey whether they are initrd-specific.

Anyway, my broader point is that, if I wanted to mount my rootfs as
dmcrypt, I'd try a few things and see if it could be done my preferred
simplified-architecture way with a locally compiled kernel without an
initrd.  Are there further obstacles beyond bootloader keyword
limitations?  That's what trying would determine.  If nothing seemed to
work, I'd probably just punt and build a minimal initrd just for the
things seemingly inaccessible any other way.  (There's no point in being
a fanatic about it.)

Since I don't happen to want to try that today, that's an exploration
for another time (in my view).

And my even broader point is that nowhere is it written that a
technology must be absolutely universally loved by, and useful to,
everyone before anyone is allowed to like and use it.  Calling how I've
maintained my computing home on Linux a 'niche' since 1993 seems like a
little much.  Your niche, my normality.  This isn't Microsoft; one size
isn't required to fit all.

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] WARNING! DO NOT APT-GET UPDATE/UPGRADE ON ASCII

2017-06-28 Thread Arnt Karlsen 
On Wed, 28 Jun 2017 17:06:18 +0100, KatolaZ wrote in message 
<20170628160618.gu14...@katolaz.homeunix.net>:

> On Wed, Jun 28, 2017 at 10:50:07AM -0400, zap wrote:
> 
> [cut]
> 
> > 
> > just wondered, Is aptitude upgrade safe?
> > 
> 
> No, it was not safe. If you have upgraded your Devuan Ascii (testing)
> system in the last 24 hours, using whatever mean (apt-get, apt,
> aptitude, synaptic, etc.) you might have erroneously got packages from
> the new Debian testing (Buster). If this is the case, please read the
> other email I just sent, since it contains an explanation of how you
> can downgrade to ascii.

..if apt-get upgrade fails you, aptitude upgrade might work and 
vice versa, they solve package conflicts differently.  
Safely?  See above. ;o)

-- 
..med vennlig hilsen = with Kind Regards from Arnt Karlsen
...with a number of polar bear hunters in his ancestry...
  Scenarios always come in sets of three: 
  best case, worst case, and just in case.
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] some ASCII issues

2017-06-28 Thread Didier Kryn 

Le 28/06/2017 à 15:40, Stephan Seitz a écrit :
And today you should always encrypt your discs. 


I don't see any reason to encrypt /usr. You might like to encrypt 
/etc because it contains user names and (already encrypted) passwords. 
But definitely there is no reason to encrypt everything.


Didier


___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

[DNG] Amprolla replacement in RE: WARNING! DO NOT APT-GET

2017-06-28 Thread Gary Olzeke 
In an earlier post on DNG, it was implied that Amprolla was being
considering being
replaced (my impression).
'
here is an article in regards to Debian's server platform being considered
for replacement.
https://lwn.net/Articles/724986/
'
FWIW - gary
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] WARNING! DO NOT APT-GET UPDATE/UPGRADE ON ASCII

2017-06-28 Thread Boruch Baum 
Hello all,

I'd like to get a few comments in to the devuan developers before a
"fix" is decided upon. I'll also share the anecdote of how a separate
problem in the devuan infrastructure indirectly saved me from falling
victim to this incident:

1] IMO, the issue isn't really that devuan wasn't prepared for
   debian's naming change; it's that devuan decided to redirect users
   to repositories of another project.

2] That decision is guaranteed to be a source of future problems, even
   as it saves the devuan project bandwidth and hosting costs.

3] Now might be a good time to review the cost-savings of that
   decision against:

3.1] The overhead costs of maintaining the complexities of redirecting
 to outside repositories and maintaining the merged devuan
 repository.

3.2] The replacement of one point of failure (a theoretical complete
 devuan repository) with three points (the redirect mechanism, the
 devuan merged repository, the debian infrastructure).

3.3] The consequences to devuan's reputation from being reliant on
 the whims, fortunes, and circumstances of an outside project.

3.3.1] There might be a chicken-and-egg issue here in that potential
   enterprise sponsors of the project might be hesitant to support
   devuan because of how it has decided to manage its
   infrastructure, while the devuan project might be hesitant to
   invest in 100% in-huose infrastructure without enterprise
   sponsorship.

Personally, I have only a single devuan install, for non-commercial
use, based upon a combination of `stable' and `testing', and it was
saved because I had earlier noticed that the devuan infrastructure
wasn't supporting "translation" repositories. I noticed this when
`apt-cache show' wasn't displaying extended package descriptions for
non-installed packages. The best `fix' I came up with for this was a
`kludge' of reading debian's translation files directly from their
repositories. However, because this was my own 'kludge', I felt
uncomfortable enough with it that I began staging software upgrades
with `apt-get -s upgrade' and double-checking which repository and
which version were being used. Because I'm a persistently careful guy,
I continued doing this for weeks, so when the ascii/buster issue
arose, I noticed a problem immediately, but thought it was somehow due
to my personal 'kludge', and manually postponed upgrading those
particular files until I had time to investigate.

--
hkp://keys.gnupg.net
CA45 09B5 5351 7C11 A9D1  7286 0036 9E45 1595 8BC0
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] WARNING! DO NOT APT-GET UPDATE/UPGRADE ON ASCII

2017-06-28 Thread KatolaZ 
On Wed, Jun 28, 2017 at 10:50:07AM -0400, zap wrote:

[cut]

> 
> just wondered, Is aptitude upgrade safe?
> 

No, it was not safe. If you have upgraded your Devuan Ascii (testing)
system in the last 24 hours, using whatever mean (apt-get, apt,
aptitude, synaptic, etc.) you might have erroneously got packages from
the new Debian testing (Buster). If this is the case, please read the
other email I just sent, since it contains an explanation of how you
can downgrade to ascii.

HND

KatolaZ

-- 
[ ~.,_  Enzo Nicosia aka KatolaZ - GLUGCT -- Freaknet Medialab  ]  
[ "+.  katolaz [at] freaknet.org --- katolaz [at] yahoo.it  ]
[   @)   http://kalos.mine.nu ---  Devuan GNU + Linux User  ]
[ @@)  http://maths.qmul.ac.uk/~vnicosia --  GPG: 0B5F062F  ] 
[ (@@@)  Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ  ]


signature.asc
Description: Digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

[DNG] AMPROLLA GLITCH: ISSUE SOLVED -- PLEASE READ CAREFULLY

2017-06-28 Thread KatolaZ 
Hi All,

as you know, there was a glitch in amprolla this morning, and by
mistake ascii got merged on Debian Buster, the new Debian testing
branch. This means that the users who apt-get updated/upgraded (or
used aptitute update/upgrade) in the last 24 hours might have gotten
some packages from what is effectively Devuan unstable.

Please notice that only users using Devuan Ascii could be affected by
the glitch, and only those who upgraded their system in the last 24
hours. Devuan Jessie and Devuan Ceres are fine.

The issue has now been resolved, mostly thanks to the prompt action of
Centurion Dan and Nextime, and to the new version of amprolla coded by
parazyd and Wizzup, which is able to produce a new merged tree in much
less time than the current production system.

We apologise for any inconvenience caused, but as said by jaromil,
this is the first time that we witness a Debian switch from testing to
stable on our merged repos. We have learned a lot from this incident,
and we thank you all for your patience.

For those whose Ascii system was erroneously upgraded with packages
from the new Debian testing, please keep reading since it is possible
to downgrade your system to use actual ascii packages. The trick
consists into introducing a temporary pin of ascii to 1001, then
apt-get update && apt-get dist-upgrade, and then remove the pin.

In other words:

1) create the file /etc/apt/preferences/ascii-pin containing the
following three lines:

Package: *
Pin: release n=ascii
Pin-Priority: 1001

2) # apt-get update

3) # apt-get dist-upgrade
(this should remove all the newly upgraded packages)

4) remove /etc/apt/preferences/ascii-pin

If you still experience issues, please get in touch via IRC on #devuan
or #devuan-dev (freenet).

HND

KatolaZ

-- 
[ ~.,_  Enzo Nicosia aka KatolaZ - GLUGCT -- Freaknet Medialab  ]  
[ "+.  katolaz [at] freaknet.org --- katolaz [at] yahoo.it  ]
[   @)   http://kalos.mine.nu ---  Devuan GNU + Linux User  ]
[ @@)  http://maths.qmul.ac.uk/~vnicosia --  GPG: 0B5F062F  ] 
[ (@@@)  Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ  ]


signature.asc
Description: Digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] some ASCII issues

2017-06-28 Thread Rick Moen 
Quoting Stephan Seitz (stse+dev...@fsing.rootsland.net):

> That the kernel can’t find the root filesystem if it is encrypted?
> And the kernel lacks the capability to ask you for the password.

If you're correct that a kernal cannot find an encrypted rootfs, then by
the same token it cannot find an encrypted initrd, either.  So, what
have you really gained?

In any event, I think you are incorrect.  Here's a runthrough that Pavel
Kogan wrote, and nothing he describes requires an initrd.  He _does_ 
use a RAMdisk to store the keyfile after booting, but that's a different
matter.  http://www.pavelkogan.com/2014/05/23/luks-full-disk-encryption/

> >Anyway, I don't want to encrypt all discs on my Linux server for
> 
> Well, server may be a special case.

It's funny how all the new Linux kiddies keep wanting to dismiss what
I've been doing since 1993 on Linux (and since the 1980s on other
*nixes) as a 'special case'.  Both funny-haha and funny-peculiar.

> Well, I want it.

Happily, I'm not standing in your way.


___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] some ASCII issues

2017-06-28 Thread Stephan Seitz 

On Mi, Jun 28, 2017 at 06:55:37 -0700, Rick Moen wrote:

Yes, and this will not work with new-school methods like disc
encryption because something needs to ask you for the password.

What exactly about LUKS is incompatible with use of a kernel compiled to
include all key drivers including those to find the root filesystem
(thus eliminating a dependency on initrds)?  Nothing in


That the kernel can’t find the root filesystem if it is encrypted? And 
the kernel lacks the capability to ask you for the password.



Anyway, I don't want to encrypt all discs on my Linux server for


Well, server may be a special case.


numerous compelling reasons, and I'd rather not have a LUKS root
filesystem on my Linux laptops, either.


Well, I want it. First, you can have keys in /etc for VPN for example.  
Second I don’t want to think about which partions are „safe”.


Besides if your disc controler dies you can’t easily delete the data. If 
everything is encrypted you can simply through away the disc.


Many greetings,

Stephan

--
| Public Keys: http://fsing.rootsland.net/~stse/keys.html |


smime.p7s
Description: S/MIME cryptographic signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] WARNING! DO NOT APT-GET UPDATE/UPGRADE ON ASCII

2017-06-28 Thread zap 


On 06/28/2017 08:11 AM, KatolaZ wrote:
> On Wed, Jun 28, 2017 at 02:06:43PM +0200, para...@dyne.org wrote:
>> On Wed, 28 Jun 2017, Svante Signell wrote:
>>
>>> On Wed, 2017-06-28 at 13:28 +0200, Edward Bartolo wrote:
 Hi,

 Too late for me. Apt logged the following information:

 Start-Date: 2017-06-25  18:47:08
 Commandline: apt-get upgrade
 Upgrade: libpam0g:amd64 (1.1.8-3.5, 1.1.8-3.6), debconf:amd64 (1.5.60,
 1.5.61),...
 [ a very long list of packages ]
 End-Date: 2017-06-25  18:55:08
>>> Same for me. We have to wait for the correct ascii version in amprolla and 
>>> then
>>> _unfortunately_ downgrade manually... (unless somebody has a bright idea)
>> Would a dist-upgrade be able to downgrade automagically?
>>
> Yes, it should, by fiddling a bit with priorities. We will work to
> provide a safe downgrade path for those users who were affected by the
> glitch.
>
> HND
>
> KatolaZ

just wondered, Is aptitude upgrade safe?

>
>
> ___
> Dng mailing list
> Dng@lists.dyne.org
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Remote administation

2017-06-28 Thread Rick Moen 
Quoting Hendrik Boom (hend...@topoi.pooq.com):

> IPMI is presuably the same protocol described as "The most dangerous 
> protocol you've never heard of"?
> 
> http://www.itworld.com/article/2708437/security/ipmi--the-most-dangerous-protocol-you-ve-never-heard-of.html>
>  

For that reason, IPMI ports need to be at _least_ confined by VLAN
tagging to a special service network with no direct public access
whatsoever, if not physically separate.  Have mandatory VPN access
controls to get to that network, and watch it like a hawk.  Never, ever
let those ports be public-facing.

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] some ASCII issues

2017-06-28 Thread Rick Moen 
Quoting Stephan Seitz (stse+dev...@fsing.rootsland.net):

> On Di, Jun 27, 2017 at 10:57:16 -0700, Rick Moen wrote:
> >Step 1.  Compile a kernel that includes inline all key drivers including
> >those needed to find the root filesystem.
> >Step 2.  Profit!
> >That's the old-school method.
> 
> Yes, and this will not work with new-school methods like disc
> encryption because something needs to ask you for the password.
> 
> And today you should always encrypt your discs.

What exactly about LUKS is incompatible with use of a kernel compiled to 
include all key drivers including those to find the root filesystem
(thus eliminating a dependency on initrds)?  Nothing in
https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system
appears to absolutely require an initrd, for key storage or anything
else.

Anyway, I don't want to encrypt all discs on my Linux server for
numerous compelling reasons, and I'd rather not have a LUKS root
filesystem on my Linux laptops, either.
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] some ASCII issues

2017-06-28 Thread Stephan Seitz 

On Di, Jun 27, 2017 at 10:57:16 -0700, Rick Moen wrote:

Step 1.  Compile a kernel that includes inline all key drivers including
those needed to find the root filesystem.
Step 2.  Profit!
That's the old-school method.


Yes, and this will not work with new-school methods like disc encryption 
because something needs to ask you for the password.


And today you should always encrypt your discs.

Many greetings,

Stephan

--
| Public Keys: http://fsing.rootsland.net/~stse/keys.html |


smime.p7s
Description: S/MIME cryptographic signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] some ASCII issues

2017-06-28 Thread Rick Moen 
Quoting k...@aspodata.se (k...@aspodata.se):

> And that works when the root filesystem is on a device with fixed major/
> minor number, e.g. /dev/sda2 /dev/hda1, and even /dev/md1 for md 
> devices with the old (0.90) format superblock if they are auto-assebled.
> It doesn't work for devices with dynamic device numbers.

Yeah, I don't use Linux systems where that is an issue.  I.e., USB mass
storage gets used only for ancillary removable storage that doesn't have
or need fixed mountpoints.  (But if I did want my removable 2TB backup
drive in /etc/fstab, it could be referenced in /etc/fstab by disk label
or UUID.  I merely prefer to avoid those ugly solutions, but they do
exist.  Currently, it might be /dev/sdd1 or /dev/sde1 depending on
runtime events, but that's not an actual problem:  I look in dmesg |
tail, see what it got recognised as, and mount / umount that.)

> Just be shure that e.g. /dev/sda2 points to the right disk if you have
> more than one, and ohh, don't compile in usb-storage and accidentally
> leave an usb-stick connected while rebooting, it could show up as
> /dev/sda.

The latter never, literally never, happens on any system of my
experience where the main storage is SAS or SATA (or PATA or old SCSI,
or ESDI or RLL or MFM...).  I keep hearing people warn about that, but
it doesn't appear to happen.  USB-attached mass storage gets assigned 
device nodes later in the alphabet.  

If I ever see it happen, I'll deal with that then, but it's been decades
now since people like Greg Kroah-Hartman (udev guy) and countless others
kept claiming this would be a problem, and I have yet to see it happen
at all, let alone on any system I admin.


> My impression is that the kernel is going in the direction where the
> old-school method is harder to do simply because the kernel devs
> doesn't care about it, but you can counter that by keeping things
> simple, if you wish.

As it happens, I do so wish.

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] some ASCII issues

2017-06-28 Thread Adam Sampson 
k...@aspodata.se writes:

> And that works when the root filesystem is on a device with fixed
> major/ minor number [...] It doesn't work for devices with dynamic
> device numbers.

That used to be true, but it's improved quite a bit in recent
years. Since 2.6.37 (2011), the kernel lets you specify a partition in a
GPT partition table by UUID:

  root=PARTUUID=39a734b6-4068-4ee7-8f6f-b6248588af37

And since 3.8 (2013) you can specify a partition in a regular MS-DOS
partition table by disk ID and partition number:

  root=PARTUUID=e50b843a-01

This is really handy when you're using dynamically-numbered devices and
don't otherwise need an initramfs (e.g. root on a USB stick, in
combination with rootwait).

See name_to_dev_t in init/do_mounts.c for the full details:
http://elixir.free-electrons.com/linux/v4.11.7/source/init/do_mounts.c#L182

-- 
Adam Sampson  
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] some ASCII issues

2017-06-28 Thread karl 
Rick Moen:
> Quoting John Morris (jmor...@beau.org):
> 
> > Nope, that negates one of the principle reasons to use an initramfs in
> > the first place.  You assume the stock kernel can see the drive where
> > you intend to put this new partition; one of the big drivers of initrd
> > in the first place was exotic hardware, etc. so GRUB uses BIOS
> > (including extension ROMs on controller cards) to load both the kernel
> > and the initrd so it can take whatever steps are needed, i.e load the
> > right modules, start lvm, setup encrypted filesystem magic, etc. to make
> > the main drive/partitions/etc. visible.  Your idea could deal with most
> > everything that didn't need a kernel module but totally fails at that
> > task.
> 
> Step 1.  Compile a kernel that includes inline all key drivers including
>  those needed to find the root filesystem.
> Step 2.  Profit!
> 
> That's the old-school method.

And that works when the root filesystem is on a device with fixed major/
minor number, e.g. /dev/sda2 /dev/hda1, and even /dev/md1 for md 
devices with the old (0.90) format superblock if they are auto-assebled.
It doesn't work for devices with dynamic device numbers.

Just be shure that e.g. /dev/sda2 points to the right disk if you have
more than one, and ohh, don't compile in usb-storage and accidentally
leave an usb-stick connected while rebooting, it could show up as
/dev/sda.

My impression is that the kernel is going in the direction where the
old-school method is harder to do simply because the kernel devs
doesn't care about it, but you can counter that by keeping things
simple, if you wish.

Regards,
/Karl Hammar

---
Aspö Data
Lilla Aspö 148
S-742 94 Östhammar
Sweden
+46 173 140 57


___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] WARNING! DO NOT APT-GET UPDATE/UPGRADE ON ASCII

2017-06-28 Thread KatolaZ 
On Wed, Jun 28, 2017 at 02:06:43PM +0200, para...@dyne.org wrote:
> On Wed, 28 Jun 2017, Svante Signell wrote:
> 
> > On Wed, 2017-06-28 at 13:28 +0200, Edward Bartolo wrote:
> > > Hi,
> > > 
> > > Too late for me. Apt logged the following information:
> > > 
> > > Start-Date: 2017-06-25  18:47:08
> > > Commandline: apt-get upgrade
> > > Upgrade: libpam0g:amd64 (1.1.8-3.5, 1.1.8-3.6), debconf:amd64 (1.5.60,
> > > 1.5.61),...
> > > [ a very long list of packages ]
> > > End-Date: 2017-06-25  18:55:08
> > 
> > Same for me. We have to wait for the correct ascii version in amprolla and 
> > then
> > _unfortunately_ downgrade manually... (unless somebody has a bright idea)
> 
> Would a dist-upgrade be able to downgrade automagically?
> 

Yes, it should, by fiddling a bit with priorities. We will work to
provide a safe downgrade path for those users who were affected by the
glitch.

HND

KatolaZ

-- 
[ ~.,_  Enzo Nicosia aka KatolaZ - GLUGCT -- Freaknet Medialab  ]  
[ "+.  katolaz [at] freaknet.org --- katolaz [at] yahoo.it  ]
[   @)   http://kalos.mine.nu ---  Devuan GNU + Linux User  ]
[ @@)  http://maths.qmul.ac.uk/~vnicosia --  GPG: 0B5F062F  ] 
[ (@@@)  Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ  ]


signature.asc
Description: Digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

[DNG] Remote administation

2017-06-28 Thread Hendrik Boom 
On Wed, Jun 28, 2017 at 12:32:01AM -0500, John Morris wrote:
> On Sat, 2017-06-24 at 11:04 -0500, Don Wright wrote:
> 
> > Just teleport into the datacenter on the other side of the planet, or the
> > office building where your after-hours key card doesn't work because all
> > cards were cancelled following the alleged burglary last week*, or do some
> > other Herculean task, and insert that healing potion.
> 
> One acronym.  IPMI.  When it is truly important, use real server
> hardware designed to be remotely managed.  In a worst case scenario like
> you describe you might need a Windows PC on your end to use the full
> featured vendor supplied IPMI client tools that let you remote mount a
> USB stick or CD to a machine but it can do it.  Of course now they are
> pushing the almost entirely closed Intel AMT stuff.  Bleh.

IPMI is presuably the same protocol described as "The most dangerous 
protocol you've never heard of"?

http://www.itworld.com/article/2708437/security/ipmi--the-most-dangerous-protocol-you-ve-never-heard-of.html>
 

-- hendrik
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] WARNING! DO NOT APT-GET UPDATE/UPGRADE ON ASCII

2017-06-28 Thread para...@dyne.org 
On Wed, 28 Jun 2017, Svante Signell wrote:

> On Wed, 2017-06-28 at 13:28 +0200, Edward Bartolo wrote:
> > Hi,
> > 
> > Too late for me. Apt logged the following information:
> > 
> > Start-Date: 2017-06-25  18:47:08
> > Commandline: apt-get upgrade
> > Upgrade: libpam0g:amd64 (1.1.8-3.5, 1.1.8-3.6), debconf:amd64 (1.5.60,
> > 1.5.61),...
> > [ a very long list of packages ]
> > End-Date: 2017-06-25  18:55:08
> 
> Same for me. We have to wait for the correct ascii version in amprolla and 
> then
> _unfortunately_ downgrade manually... (unless somebody has a bright idea)

Would a dist-upgrade be able to downgrade automagically?

-- 
~ parazyd
GPG: 0333 7671 FDE7 5BB6 A85E  C91F B876 CB44 FA1B 0274
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] WARNING! DO NOT APT-GET UPDATE/UPGRADE ON ASCII

2017-06-28 Thread Svante Signell 
On Wed, 2017-06-28 at 13:28 +0200, Edward Bartolo wrote:
> Hi,
> 
> Too late for me. Apt logged the following information:
> 
> Start-Date: 2017-06-25  18:47:08
> Commandline: apt-get upgrade
> Upgrade: libpam0g:amd64 (1.1.8-3.5, 1.1.8-3.6), debconf:amd64 (1.5.60,
> 1.5.61),...
> [ a very long list of packages ]
> End-Date: 2017-06-25  18:55:08

Same for me. We have to wait for the correct ascii version in amprolla and then
_unfortunately_ downgrade manually... (unless somebody has a bright idea)
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] WARNING! DO NOT APT-GET UPDATE/UPGRADE ON ASCII

2017-06-28 Thread Jaromil 

The ascii repositories are now offline.

We will proceed sorting the issue and keeping you informed.

I hope everyone understands this is the first time we experience a
switch of Debian releases and that it is well part of our 'testing'
phase to adjust amprolla's behaviour to behave on these circumstances.

Jessie remains stable and is not affected by the issue

ciao
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] WARNING! DO NOT APT-GET UPDATE/UPGRADE ON ASCII

2017-06-28 Thread Edward Bartolo 
Hi,

Too late for me. Apt logged the following information:

Start-Date: 2017-06-25  18:47:08
Commandline: apt-get upgrade
Upgrade: libpam0g:amd64 (1.1.8-3.5, 1.1.8-3.6), debconf:amd64 (1.5.60,
1.5.61),...
[ a very long list of packages ]
End-Date: 2017-06-25  18:55:08

-- 
If you can't explain it simply, you don't understand it well enough.
(Albert Einstein)
If you cannot make abstructions about details you do not understand
the concepts underlying them.
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

[DNG] Warning: Don't upgrade ASCII until merged is corrected

2017-06-28 Thread Svante Signell 
Hi,

Happily upgrading ASCII with
deb http://auto.mirror.devuan.org/merged ascii  main contrib non-free
in /etc/apt/sources.list I suddenly realized that the (many) upgraded packages
come from Debian/Testing. Please fix merged ASAP to point at Debian/Stretch.

Or is the idea to base the ASCII release on Debian/Buster i.e. now
Debian/Testing?

Anybody have an idea on how to downgrade efficiently? For example X does not
work any longer, even though 1.10.18-1+devuan2.3 is installed.

Thanks!
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] grsecurity ripoff by Google, with Linus' approval WAS: I have a question about libsystemd0 in devuan ascii,

2017-06-28 Thread Arnt Karlsen 
On Tue, 27 Jun 2017 18:37:31 -0700, Bruce wrote in message

[DNG] About /usr merge and Initramfs [was Re: some ASCII issues]

2017-06-28 Thread Didier Kryn 

Le 28/06/2017 à 08:11, Didier Kryn a écrit :

Le 28/06/2017 à 07:47, John Morris a écrit :

On Sat, 2017-06-24 at 11:08 +0200, Didier Kryn wrote:


  Anyway I think there's a simple method to live without the
initramfs. Everything which is done from initramfs could be done the
same way from a disk partition, which might make it easier to debug:
have a /os directory containing all the necessary subdirs, /os/proc,
/os/sys, /os/dev, /os/run /os/usr, /os/lib, /os/var, /os/home... , 
mount

the first five, create the few necessary files and symlinks and
switch_root() to /os. This is exactly what your initramfs does.

Nope, that negates one of the principle reasons to use an initramfs in
the first place.  You assume the stock kernel can see the drive where
you intend to put this new partition; one of the big drivers of initrd
in the first place was exotic hardware, etc. so GRUB uses BIOS
(including extension ROMs on controller cards) to load both the kernel
and the initrd so it can take whatever steps are needed, i.e load the
right modules, start lvm, setup encrypted filesystem magic, etc. to make
the main drive/partitions/etc. visible.  Your idea could deal with most
everything that didn't need a kernel module but totally fails at that
task.


Now you've found another corner case:

"Grub doesn't know your hardware" AND " You refuse to use a 
proposed workaround"


Everyone has to live with one's own contradictions :-) . And this 
case has no relation with the /usr merge.


Didier 


Sorry for the random subject of the email. It wasn't entirely my fault.

Didier

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] some ASCII issues

2017-06-28 Thread Didier Kryn 

Le 28/06/2017 à 07:47, John Morris a écrit :

On Sat, 2017-06-24 at 11:08 +0200, Didier Kryn wrote:


  Anyway I think there's a simple method to live without the
initramfs. Everything which is done from initramfs could be done the
same way from a disk partition, which might make it easier to debug:
have a /os directory containing all the necessary subdirs, /os/proc,
/os/sys, /os/dev, /os/run /os/usr, /os/lib, /os/var, /os/home... , mount
the first five, create the few necessary files and symlinks and
switch_root() to /os. This is exactly what your initramfs does.

Nope, that negates one of the principle reasons to use an initramfs in
the first place.  You assume the stock kernel can see the drive where
you intend to put this new partition; one of the big drivers of initrd
in the first place was exotic hardware, etc. so GRUB uses BIOS
(including extension ROMs on controller cards) to load both the kernel
and the initrd so it can take whatever steps are needed, i.e load the
right modules, start lvm, setup encrypted filesystem magic, etc. to make
the main drive/partitions/etc. visible.  Your idea could deal with most
everything that didn't need a kernel module but totally fails at that
task.


Now you've found another corner case:

"Grub doesn't know your hardware" AND " You refuse to use a 
proposed workaround"


Everyone has to live with one's own contradictions :-) . And this 
case has no relation with the /usr merge.


Didier


___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng